Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 501 and VLANs.

Hi all,

I need help. We have one PIX 501 which

connects our internal network to Internet.

But we need to create two VLANs.

And PIX 501 doesnt do this.

Any suggestions?

BR

jl

7 REPLIES

Re: PIX 501 and VLANs.

Purchase a PIX 506!

HTH.

New Member

Re: PIX 501 and VLANs.

That's good idea.

Is any other solution?

BR

jl

Re: PIX 501 and VLANs.

The PIX 501 does not support VLAN's, if you have to have 2 VLANS's, you could use a router. If you have a router in the network or lying about doing nothing, you can configure the router to be the routing device between the VLAN's. You could also use any kind of switch that supports layer 3 routing?

Do you have a router or switch available?

New Member

Re: PIX 501 and VLANs.

Hi Andrew,

thanks a lot for advice. I was thinking about

buying new L3 switch but maybe better solution will be to buy new PIX 506E.

What do you think about this solution?

Answer to your question:

Now we have not router or L3 switch.

BR

jl

Re: PIX 501 and VLANs.

John,

You can purchase a 506 - that will give you the vlan funtionality, and you could buy a L3 switch which will also give you vlan capabilities.

However if you want to keep the costs down - you could just buy a router, which will give you all the inter-vlan routing capability you need....as long as you have a switch that supports 802.1q vlan trunking?

If not - you would be better off with a L3 switch!

HTH.

Gold

Re: PIX 501 and VLANs.

Re: PIX 501 and VLANs.

Agree with Steven, most if not all of our recommendations to clients is to use the newer asa firewall products in a migration path, beside, not will the asa5505 provide you with up to 20 virtual interfaces with Sec plus license, but other numerous features pix code 6.3(5) does not come close to providing.

Ultimatelly the pix 506 cannot go beyond code 6.3(5) and probably give you up to 2 vlans maximun, and from clients experience out there they end up in a dead lock when needing new features, you want to have a product in your network whether is small that would be able to move forward with 7.x/8.x codes.

If the above is not of a concern at all, then what Andrew sugested would work.

Rgds

-Jorge

3065
Views
5
Helpful
7
Replies